4.9 • 696 Ratings
🗓️ 24 June 2025
⏱️ 5 minutes
🧾️ Download transcript
Click on a timestamp to play from that location
0:00.0 | Hello and welcome to the Tuesday, June 24th, 2025 edition of the Sands Internet Storm Centers |
0:07.5 | Stormcast. My name is Johannes Ulrich, and today's episode is brought to you by the Sands.edu |
0:14.5 | graduate certificate program in cybersecurity leadership, and it is recorded in Stockholm, Germany. |
0:22.8 | Now, today I noticed that some Telnet Zieg scanners did use a little bit an odd username, |
0:30.2 | super underscore YG. |
0:32.2 | This started on the 18th, so a couple of days ago and has been used persistently since then by about |
0:39.6 | a dozen different IP addresses that in addition to this username, they also scanned for |
0:46.4 | some fairly common usernames like Rood, Guest, and other sort of common default username |
0:53.9 | and password combinations. So this one |
0:56.5 | stuck out a little bit. Turns out it's associated with an older vulnerability from 2017 in |
1:05.1 | software that is called IP cameras and made by a company that I believe is pronounced I channel. |
1:13.8 | Now, the issue here is that even though this particular vulnerability was discovered and reported in 2017, |
1:21.3 | there is no real evidence that this default username and password has ever been removed from this particular product. |
1:30.6 | This is an IP camera product, but not your usual sort of standalone IP camera. |
1:36.4 | It's actually software that can be used to turn smartphones, tablets, laptops and such, |
1:42.7 | into IP cameras for surveillance, for security cameras. |
1:48.9 | And with that, of course, a lot of the functionality and with that common vulnerabilities |
1:53.6 | that we often find in these type of cameras are being exposed. |
1:59.9 | And then if you are running Citrix's |
2:02.8 | NetScaler appliances, well, |
2:05.6 | it's update time for you last week. |
2:09.5 | Citrix did release a critical update. |
... |
Please login to see the full transcript.
Disclaimer: The podcast and artwork embedded on this page are from SANS ISC Handlers, and are the property of its owner and not affiliated with or endorsed by Tapesearch.
Generated transcripts are the property of SANS ISC Handlers and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.
Copyright © Tapesearch 2025.